<?php
use Lib\ResLoader;
class App_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    /**
     * @var Zend_Auth
     */
    protected $_auth = null;

    /**
     * @var Zend_Acl
     */
    protected $_acl = null;

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        //        return false;
        $this->_auth = Zend_Auth::getInstance();
        $this->_acl = $this->getAcl();

        $role = 'guest';
        if ($this->_auth->hasIdentity()) {
            $data = $this->_auth->getStorage()->read();
            if ($data->isAdmin) {
                $role = 'admin';
            } else {
                $role = 'user';
            }
        }
        $resource = $request->controller;
        $privilege = $request->action;

        if (!$this->_acl->has($resource)) {
            $resource = null;
        }

        //         ACL Access Check
        if (!$this->_acl->isAllowed($role, $resource, $privilege)) {

            $messenger = new Lib_Flash();
            $messenger->addMessage('Please, login to do that.', Lib_Flash::ERROR, Lib_Flash::PRE);

            $request->setControllerName('index');
            $request->setActionName('login');
        }
    }

    private function getAcl()
    {
        $acl = new Zend_Acl();

        $guest = new Zend_Acl_Role('guest');
        $user = new Zend_Acl_Role('user');
        $admin = new Zend_Acl_Role('admin');

        $acl->addRole($guest)
                ->addRole($user, $guest)
                ->addRole($admin, $user);

        $index = new Zend_Acl_Resource('index');
        $admin = new Zend_Acl_Resource('admin');
        $map = new Zend_Acl_Resource('map');
        $payment = new Zend_Acl_Resource('payment');
        $ajax = new Zend_Acl_Resource('ajax');
        $error = new Zend_Acl_Resource('error');
        $delivery = new Zend_Acl_Resource('delivery');
        $userResource = new Zend_Acl_Resource('user');
        $usersResource = new Zend_Acl_Resource('users');
        $reportResource = new Zend_Acl_Resource('report');
        $photoResource = new Zend_Acl_Resource('photo');
        $questsResource= new Zend_Acl_Resource('quests');
        $pagesResource=  new Zend_Acl_Resource('pages');

        $acl->addResource($index)
                ->addResource($admin)
                ->addResource($map)
                ->addResource($payment)
                ->addResource($ajax)
                ->addResource($error)
                ->addResource($delivery)
                ->addResource($userResource)
                ->addResource($usersResource)
                ->addResource($reportResource)
                ->addResource($photoResource)
                ->addResource($questsResource)
                ->addResource($pagesResource);

        $acl->deny(null, null, null);
        $acl->allow('guest', 'index', null)
                ->allow('guest', 'ajax', null)
                ->allow('guest', 'error', null)
                ->allow('user', 'map', null)
                ->allow('user', 'payment', null)
                ->allow('user', 'user', null)
                ->allow('admin', 'admin', null)
                ->allow('admin', 'delivery', null)
                ->allow('admin', 'users', null)
                ->allow('guest', 'report', null)
                ->allow('admin', 'photo', null)
                ->allow('admin', 'quests', null)
                ->allow('admin', 'pages', null)
                ->allow('guest', 'user', 'view');
        //Разрешаем для Cron'a отправляет сообщения.
        $acl->allow('guest', 'delivery', 'send');


        return $acl;
    }

}
